Security Information

Debian takes security very seriously. We handle all security problems
brought to our attention and ensure that they are corrected within
a reasonable timeframe.
Many advisories are coordinated with other free software vendors
and are published the same day a vulnerability is made public and
we also have a Security Audit team that reviews
the archive looking for new or unfixed security bugs.

Experience has shown that security through obscurity does not work. Public
disclosure allows for more rapid and better solutions to security problems. In
that vein, this page addresses Debian's status with respect to various known
security holes, which could potentially affect Debian.

You can use apt
to easily get the latest security updates.
This requires a line such as

deb http://security.debian.org/ stretch/updates main contrib non-free

in your /etc/apt/sources.list file. Then execute
apt-get update && apt-get upgrade to download and apply
the pending updates.
The security archive is signed with the normal Debian archive
signing keys.

The latest Debian security advisories are also available in
RDF format. We also offer a
second file that includes the first paragraph
of the corresponding advisory so you can see in it what the advisory is
about.

Debian distributions are not vulnerable to all security problems. The
Debian Security Tracker
collects all information about the vulnerability status of Debian packages,
and can be searched by CVE name or by package.